Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The build tree structure used internally by mako
The Tree
constructor (documented below) is the primary export for the module. It must be used
with the new
keyword.
var Tree = require('mako-tree');
var tree = new Tree();
Each instance represents a build tree. Internally, a graph is used to manage the relationships between all the files being tracked.
The root
is a project root that will determine all file.base
properties. Only 1 root is
supported per tree. Also, this value will override any base
parameter you specify in when
adding files.
This class implements the Iterable
interface, which iterates the files in the tree in topological
order. (see Tree#getFiles()
for more information)
for (const file of tree) {
// iterate files in topological order
}
This sugar allows you to treat the tree itself as an iterable, which can be useful in interacting with other APIs.
Returns a Boolean
reflecting if the given file
exists in the tree.
Creates a file with the given params
and adds it to the tree.
Returns the File
instance for the given file
ID.
Searches the tree for a file that has the given path
. (either currently, or at any point in
it's history) If none is found, it simply returns undefined
.
Returns an Array
of all the File
objects in this graph.
If options.topological
is set, the returned list will be in
topological order, which respects all
dependencies so processing is safe where order matters.
Removes the given file
from the tree. It will throw an exception if that file has any current
dependency links.
If options.force
is set, it will forcefully remove the file, as well as any remaining links.
Returns a Boolean
reflecting if the dependency relationship between parent
and child
already
exists in the tree.
If options.recursive
is true
, it will check the dependency tree recursively.
Adds a new dependency relationship to the graph setting parent
as depending on child
.
If either parent
or child
are not already in the graph, it will throw.
Removes the dependency link between parent
and child
.
If this link does not already exist, this will throw.
Returns an Array
of files that are direct dependencies of the given file
.
If options.recursive
is set, it will return all the files down the entire dependency chain.
Returns a Boolean
reflecting if the dependency relationship between child
and parent
already
exists in the tree.
If options.recursive
is true
, it will check the dependency tree recursively.
Adds a new dependency relationship to the graph setting child
as depended on by parent
.
If either parent
or child
are not already in the graph, it will throw.
Removes the dependency link between parent
and child
.
If this link does not already exist, this will throw.
Returns an Array
of files that directly depend on the given file
.
If options.recursive
is set, it will return all the files up the entire dependency chain.
Returns the number of files in the tree.
Returns a new Tree
object that is an effective clone of the original.
Removes any files from the graph that are unaccessible by any of the provided anchors
files.
Removes any cycles found in the tree. This is only a last-ditch effort before attempting topological sorting, so it makes no guarantees about where it breaks cycles. (circular dependencies should work, but that doesn't change the fact that they should be avoided if possible)
Returns a trimmed object that can be serialized as JSON. (it should be possible to reconstruct the tree from the output)
Serializes the tree into a JSON string, which can be written to disk (and then read back) to help reduce the amount of duplicate work between different runs of mako.
The space
parameter is there if you want to "pretty-print" the JSON output.
Unserializes a JSON string into a Tree
instance. (see Tree#toJSON()
)
This file class extends vinyl. The params
will be passed
directly to that constructor. (except where params
is a string, then it will be passed as
{ path: params }
)
A getter/setter for the extension name. (without a leading .
)
A getter that retrieves the original path for this file.
A getter that retrieves the original type for this file. (without a leading .
)
A Buffer
containing the contents for this file.
NOTE: using strings is no longer supported for this property as Vinyl only supports Buffer
and Stream
values.
Short-hand for tree.hasDependency(file.path, child)
.
Short-hand for tree.addDependency(file.path, child)
.
Short-hand for tree.removeDependency(file.path, child)
.
Short-hand for tree.dependenciesOf(file.path, options)
.
Short-hand for tree.hasDependant(file.path, parent)
.
Short-hand for tree.addDependency(file.path, parent)
.
Short-hand for tree.removeDependant(file.path, parent)
.
Short-hand for tree.dependantsOf(file.path, options)
.
Used by mako to reset a file enough that it can be safely processed again.
Creates a clone of this file, such as when cloning the parent Tree
.
Copies this file to a newPath
(relative to current path) with a new ID that
can be added to a Tree
as a distinct file.
Available options
:
resetPath
when enabled, the path history will only contain the newPath
Returns a cloned object that can be JSON-serialized.
Returns a string representation via Vinyl#inspect()
useful for logging.
Takes a plain object and converts it into a File
instance.
The id generator for files, exposed here to allow public use and customization.
FAQs
The build tree structure used internally by mako
We found that mako-tree demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.